Log In

Opinion: Time for Google to bring us a trustworthy cloud

Google's Street View was a high-profile case of the giant's lax information security but there are other examples.

Why is Google so bad at information security?

For the sake of a trustworthy cloud, it’s time for Google to get its information security act together.

Like most IT journalists I tend to pay a lot of attention to what happens at the ad-search giant. It's a consequence of its weight in the market and history of influencing society and business, often for the better.

And, of course, because Google has created so many cool gadgets with which to amuse us.

So it has been with dismay bordering on incredulity that I have often been gobsmacked by its ambivalence to information security and trust.

These are uber-smart people, these Googlers. I have seen them trounce a room of hundreds of very smart people -- including a few game show winners and pub-trivia regulars -- in IQ tests and I suspect there are enough geniuses at the company's Sydney headquarters to form their own chapter of Mensa.

So why does Google do such a poor job of keeping people's information secure?

And it's a big worry for anyone who considers the cloud a viable option for their organisation or personal data or that of their customers. Because, as a market leader, Google's approach to security, trust and compliance is the standard that other providers feel they must meet, and little more. And, right now, that standard should give you pause for thought before moving into the cloud.

It seems an uncomfortable, even boring, fit to Google's lightspeed engineers intent on changing the world a line of code at a time. And in some ways maintaining our privacy, at least, is a difficult proposition for a company that revolves around selling us ads and making money off our activities.

And although Google properly commissioned a report into its Street View debacle, it would have been happy to see the matter go away by deleting the information before fuller inquiries could be conducted.

My worries were heightened at the time when I put questions to Google's head of engineering in Australia, Alan Noble (remember, Google Maps originated here). Noble knew, or ought to have known, who the wi-fi culprit coder was but no sanction would be taken, he said.

There was another technology company that dominated IT that once had a similar attitude.

More than 10 years ago, after the first surge of modern, internet-enabled malware hammered the credibility and stock price of software behemoth and Google-of-its-day, Microsoft's Bill Gates in one of his last major acts as chief executive officer initiated the Trustworthy Computing scheme.

Gates was talking not just about patching technologies after the fact but a fundamental and radical change to sew security into the fabric of software written at the desktop and applications maker and extending that appreciation to the wider industry.

At the time, open source and free software made much of the "many-eyes" approach to security; that is, with lots of people viewing code, it will be inherently more secure than a proprietary system or "security through obscurity". This is the approach Google, at its core an organisation that believes in free-software principles, chose for its Android Market smartphone app store.

While information security at Microsoft is still a day-by-day proposition, it has made big advances in software architecture to protect users' data and the weave of society as we become more connected with every device we slip into our pockets, slide on to our desktops or nurse in our possessions.

It's time for Google to wake from its slumber, to amp up the volume on information security and make the net safer for us all.

I call on Google to update Microsoft's vision with its own initiative, let's call it "Trustworthy Cloud".

This isn't an engineering task - a task Google with its likely genius-level median IQ is more than up to - as much as it is one of recrafting the culture of the organisation to put security first in everything it does.

Google needs to understand that information security must be built in at the outset of every project and is integral to its long-term success, that of their customers and partners and our path to the cloud.

All rights reserved. This material may not be published, broadcast, rewritten or redistributed in any form without prior authorisation.Your use of this website
constitutes acceptance of nextmedia's Privacy Policy and
Terms & Conditions.